Summary
Using pull_request_target in .github/workflows/auto-fix-lint-format-commit.yml can be exploited by attackers, since untrusted code is executed with full access to the secrets of the base repository. By exploiting the vulnerability it is possible to exfiltrate GITHUB_TOKEN, which has high privileges. GITHUB_TOKEN can be used to completely take over the repository, since the token has write access to repository contents.
Details
The pull_request_target trigger in GitHub Actions is a major security concern, especially in public repositories, because it runs the workflow for untrusted code from a PR with the context of the base repository, including access to its secrets.

on:
  pull_request_target:
    types: [opened, synchronize]

Combined with a checkout of the PR head (head.sha), an attacker controls the checked-out code and can make the workflow execute arbitrary code.

- name: Checkout code
  uses: actions/checkout@v4
  with:
    fetch-depth: 0
    ref: ${{ github.head_ref }}
    repository: ${{ github.event.pull_request.head.repo.full_name }}
PoC
An attacker has multiple injection points inside the workflow .github/workflows/auto-fix-lint-format-commit.yml. By changing the file package.json in the repository it is possible to execute malicious code.
To prove this is possible we did a test by extracting the GITHUB_TOKEN. With the token extracted we were able to create a testing tag poc-v1.1.55, which was deleted after 2 minutes.
Impact
With GITHUB_TOKEN and write permissions, an attacker is able to completely take over the repository.
Fix
We suggest removing pull_request_target from all workflows and, more importantly, removing or fixing it in all branches that contain it, or using it properly without checking out untrusted code.
We also advise setting the GITHUB_TOKEN permissions according to what the workflow needs to do, restricting anything that is not necessary.
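As an added example (not code from this advisory or from the affected project), the following Python script checks a workflow file for the combination the Details section describes, a pull_request_target trigger together with a checkout of the PR head, and also reports whether the file declares a permissions block, which is what the Fix section recommends for scoping GITHUB_TOKEN. The two workflow texts embedded in it are constructed samples: the first is modeled on the advisory's snippets, the second is a hardened shape (plain pull_request trigger, default checkout of the merge ref, contents: read). The scan is line-based and heuristic rather than a full YAML parse.

```python
"""Heuristic scanner for the pattern in this advisory: a workflow triggered by
pull_request_target that checks out the PR head and so runs fork-controlled code
with base-repository secrets. Added example, not the project's code; a line-based
text scan, not a full YAML parse. The two workflow texts are constructed samples."""
from dataclasses import dataclass, field

# Expressions in a checkout `ref:` that resolve to the PR author's code.
HEAD_REF_MARKERS = ("github.head_ref", "github.event.pull_request.head", "refs/pull/")


@dataclass
class ScanResult:
    uses_pull_request_target: bool = False
    checks_out_pr_head: bool = False
    has_permissions_block: bool = False
    findings: list = field(default_factory=list)

    @property
    def dangerous(self) -> bool:
        # The advisory's condition: privileged trigger plus checkout of untrusted code.
        return self.uses_pull_request_target and self.checks_out_pr_head


def scan_workflow(text: str) -> ScanResult:
    """Scan one workflow file's text and report the risky combination."""
    res = ScanResult()
    on_indent = None        # set while inside the top-level `on:` mapping
    checkout_indent = None  # key indent of the current actions/checkout step
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].rstrip()   # drop YAML comments
        if not line.strip():
            continue
        ind = len(line) - len(line.lstrip(" "))
        body = line.strip()
        is_item = body.startswith("- ")
        item = body[2:].strip() if is_item else body   # key text without the list dash
        key_indent = ind + 2 if is_item else ind
        # Leave the `on:` block or the checkout step once indentation falls back.
        if on_indent is not None and ind <= on_indent:
            on_indent = None
        if checkout_indent is not None and ind < checkout_indent:
            checkout_indent = None
        if ind == 0 and body.startswith(("on:", "'on':", '"on":')):
            rest = body.split(":", 1)[1]      # inline form: on: [pull_request_target]
            if "pull_request_target" in rest:
                res.uses_pull_request_target = True
                res.findings.append(f"line {lineno}: pull_request_target trigger")
            else:
                on_indent = 0                 # block form: trigger keys on deeper lines
            continue
        if on_indent is not None and item.startswith("pull_request_target"):
            res.uses_pull_request_target = True
            res.findings.append(f"line {lineno}: pull_request_target trigger")
        elif item.startswith("permissions:"):
            res.has_permissions_block = True  # workflow- or job-level token scoping
        elif item.startswith("uses:") and "actions/checkout" in item:
            checkout_indent = key_indent
        elif checkout_indent is not None and item.startswith("ref:"):
            if any(marker in item for marker in HEAD_REF_MARKERS):
                res.checks_out_pr_head = True
                res.findings.append(f"line {lineno}: checkout of PR head ({item})")
    return res


# Constructed sample modeled on the advisory's snippets: the risky combination.
VULNERABLE_WORKFLOW = """\
on:
  pull_request_target:
    types: [opened, synchronize]
jobs:
  fix:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
          ref: ${{ github.head_ref }}
          repository: ${{ github.event.pull_request.head.repo.full_name }}
      - run: npm ci && npm run lint   # npm scripts come from the PR's package.json
"""

# Constructed hardened sample: pull_request trigger (fork PRs get a read-only token),
# default checkout of the merge ref, and an explicit least-privilege permissions block.
HARDENED_WORKFLOW = """\
on:
  pull_request:
permissions:
  contents: read
jobs:
  fix:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: npm ci && npm run lint
"""

if __name__ == "__main__":
    for label, wf in (("vulnerable", VULNERABLE_WORKFLOW), ("hardened", HARDENED_WORKFLOW)):
        r = scan_workflow(wf)
        print(label, "dangerous=%s" % r.dangerous, "permissions_block=%s" % r.has_permissions_block, r.findings)
```

Run it directly to print the verdict for both samples, or read each file under .github/workflows/ and pass its text to scan_workflow. A pull_request_target trigger on its own is reported but not marked dangerous, matching the advisory's "use it properly without checking out untrusted code"; conversely, a clean result is not proof of safety, since other ways of running PR-controlled input (for example interpolating PR fields into run: steps) are outside this check.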
Kindly reported by @darryk10 and @AlbertoPellitteri